This question exists because it has historical significance, but it is not considered a good, on-topic question for this site, so please do not use it as evidence that you can ask similar questions here. This question and its answers are frozen and cannot be changed. More info: help center.

But if they had specified behaviour on overflow, it would have made it very slow on architectures where that was not the normal behaviour. Very low runtime overhead has always been a design goal of C, and that has meant that a lot of things like this are undefined.
– Mark BakerOct 17 '08 at 8:38

9

I'm very well aware of why overflow is UB. It is still a misfeature, because the standard should have at least provided library routines that can test for arithmetic overflow (of all basic operations) w/o causing UB.
– zvrbaJan 20 '09 at 20:51

2

@zvrba, "library routines that can test for arithmetic overflow (of all basic operations)" if you had added this then you would have incurred significant performance hit for any integer arithmetic operations. ===== Case study Matlab specifically ADDS the feature of controlling integer overflow behavior to wrapping or saturate. And it also throws an exception whenever overflow occurs ==> Performance of Matlab integer operations: VERY SLOW. My own conclusion: I think Matlab is a compelling case study that shows why you don't want integer overflow checking.
– Trevor Boyd SmithJun 11 '09 at 13:35

15

I said that the standard should have provided library support for checking for arithmetic overflow. Now, how can a library routine incur a performance hit if you never use it?
– zvrbaJun 12 '09 at 18:52

5

A big negative is that GCC does not have a flag to catch signed integer overflows and throw a runtime exception. While there are x86 flags for detecting such cases, GCC does not utilize them. Having such a flag would allow non-performance-critical (especially legacy) applications the benefit of security with minimal to no code review and refactoring.
– Andrew KeetonJun 22 '09 at 0:23

These are an optional item in the standard, but it must be a hidden feature, because people are constantly redefining them. One code base I've worked on (and still do, for now) has multiple redefinitions, all with different identifiers. Most of the time it's with preprocessor macros:

#define INT16 short
#define INT32 long

And so on. It makes me want to pull my hair out. Just use the freaking standard integer typedefs!

I think they are C99 or so. I haven't found a portable way to ensure these would be around.
– akauppiSep 25 '08 at 19:25

3

They are an optional part of C99, but I know of no compiler vendors that don't implement this.
– Ben CollinsSep 25 '08 at 21:07

10

stdint.h isn't optional in C99, but following the C99 standard apparently is for some vendors (cough Microsoft).
– Ben CombeeOct 22 '08 at 17:54

5

@Pete, if you want to be anal: (1) This thread has nothig to do with any Microsoft product. (2) This thread never had anything to do with C++ at all. (3) There is no such thing as C++ 97.
– Ben CollinsMar 1 '09 at 21:20

can != should, of course. The danger with overloading it is that the built in applies to everything already, including void, so will never fail to compile for lack of available overload. Ie, gives programmer much rope.
– AaronJul 6 '09 at 17:45

The int inside the loop will not work with C: it's a C++ improvment. Is the "," the same operation as for (i=0,j=10;i<j; j--, i++) ?
– AifNov 26 '10 at 14:00

3

@Aif: the int inside the loop will work in C99.
– splicerMar 11 '11 at 2:54

@simonn, no it doesn't do undefined behavior if the structure contains non-integral types. memset with 0 on the memory of a float/double will still be zero when you interpret the float/double (float/double are designed like that on purpose).
– Trevor Boyd SmithJun 11 '09 at 13:59

6

@Andrew: memset/calloc do "all bytes zero" (i.e. physical zeroes), which is indeed not defined for all types. { 0 } is guaranteed to intilaize everything with proper logical zero values. Pointers, for example, are guranteed to get their proper null values, even if the null-value on the given platform is 0xBAADFOOD.
– AnTOct 28 '09 at 10:12

1

@nvl: You get physical zero when you just forcefully set all memory occupied by the object to all-bits-zero state. This is what memset does (with 0 as second argument). You get logical zero when you initialize/assign 0 ( or { 0 }) to the object in the source code. These two kinds of zeros do not necessarily produce the same result. As in the example with pointer. When you do memset on a pointer, you get a 0x0000 pointer. But when you assign 0 to a pointer, you get null pointer value, which at the physical level might be 0xBAADF00D or anything else.
– AnTFeb 26 '10 at 16:29

3

@nvl: Well, in practice the difference is often only conceptual. But in theory, virtually any type can have it. For example, double. Usually it is implemented in accordance with IEEE-754 standard, in which the logical zero and physical zero are the same. But IEEE-754 is not required by the language. So it might happen that when you do double d = 0; (logical zero), physically some bits in memory occupied by d will not be zero.
– AnTFeb 26 '10 at 19:17

I'm pretty sure this is not a portable construct. The result of creating a multi-character constant is implementation-defined.
– Mark BesseyOct 17 '08 at 4:18

8

The "not portable" comments miss the point entirely. It is like criticizing a program for using INT_MAX just because INT_MAX is "not portable" :) This feature is as portable as it needs to be. Multi-char constant is an extremely useful feature that provides readable way to for generating unique integer IDs.
– AnTOct 28 '09 at 10:36

1

@Chris Lutz - I'm pretty sure the trailing comma goes all the way back to K&R. It's described in the second edition (1988).
– FerruccioOct 28 '09 at 11:15

1

@Ferruccio: You must be thinking about the trailing comma in the aggregate initailizer lists. As for the trailing comma in enum declarations - it's a recent addition, C99.
– AnTOct 28 '09 at 17:59

The combination of structs and unions is even more interesting - on embedded systems or low level driver code. An example is when you like to parse the registers of an SD card, you can read it in using union (1) and read it out using union (2) which is a struct of bitfields.
– ComSubVieSep 25 '08 at 11:09

5

Bitfields are not portable -- the compiler can choose freely whether, in your example, legs will be allocated the most significant 3 bits, or the least significant 3 bits.
– zvrbaSep 25 '08 at 14:25

3

Bitfields are an example of where the standard gives implementations so much freedom in how they're inplemented, that in practice, they're nearly useless. If you care how many bits a value takes up, and how it's stored, you're better off using bitmasks.
– Mark BesseyOct 17 '08 at 4:13

26

Bitfields are indeed portable as long as you treat them as the structure elements they are, and not "pieces of integers." Size, not location, matters in an embedded system with limited memory, as each bit is precious ... but most of today's coders are too young to remember that. :-)
– Adam LissOct 26 '08 at 0:41

5

@Adam: location may well matter in an embedded system (or elsewhere), if you are depending on the position of the bitfield within its byte. Using masks removes any ambiguity. Similarly for unions.
– Steve MelnikoffMar 1 '09 at 22:51

In general, though, I don't like the tricks that are clever but make the code unnecessarily complicated to read (as the swap example) and I love the ones that make the code clearer and directly conveying the intention (like the FSM example).

C supports chaining, so you can do a ^= b ^= a ^= b;
– OJ.Sep 25 '08 at 10:06

4

Strictly speaking, the state example is a tick of the preprocessor, and not the C language - it is possible to use the former without the latter.
– Greg WhitfieldSep 25 '08 at 13:10

15

OJ: actually what you suggest is undefined behavior because of sequence point rules. It may work on most compilers, but is not correct or portable.
– Evan TeranSep 25 '08 at 14:14

5

Xor swap could actually be less efficient in the case of a free register. Any decent optimizer would make the temp variable be a register. Depending on implementation (and need for parallelism support) the swap might actually use real memory instead of a register (which would be the same).
– Paul de VriezeOct 17 '08 at 9:49

@ComSubVie, anyone who uses Duff's Device is a script kiddy who saw Duff's Device and thought their code would look 1337 if they used Duff's Device. (1.) Duff's Device doesn't offer any performance increases on modern processor because modern processors have zero-overhead-looping. In other words it is an obsolete piece of code. (2.) Even if your processor doesn't offer zero-overhead-looping, it will probably have something like SSE/altivec/vector-processing which will put your Duff's Device to shame when you use memcpy(). (3.) Did I mention that other that doing memcpy() duff's is not useful?
– Trevor Boyd SmithJun 11 '09 at 13:50

@Trevor Boyd Smith : While the Duff's Device appears outdated, it's still an historical curiosity, which validates ComSubVie's answer. Anyway, quoting Wikipedia : "When numerous instances of Duff's device were removed from the XFree86 Server in version 4.0, there was a notable improvement in performance."...
– paercebalMay 8 '10 at 9:01

2

On Symbian, we once evaluated various loops for fast pixel coding; the duff's device, in assembler, was the fastest. So it still had relevance on the mainstream ARM cores on your smartphones today.
– WillOct 25 '10 at 8:37

gcc has a number of extensions to the C language that I enjoy, which can be found here. Some of my favorites are function attributes. One extremely useful example is the format attribute. This can be used if you define a custom function that takes a printf format string. If you enable this function attribute, gcc will do checks on your arguments to ensure that your format string and arguments match up and will generate warnings or errors as appropriate.

Well... I think that one of the strong points of C language is its portability and standardness, so whenever I find some "hidden trick" in the implementation I am currently using, I try not to use it because I try to keep my C code as standard and portable as possible.

And the code is more stable if you code like that ;)
– JohanJun 22 '09 at 5:43

But in reality, how often do you have to compile your code with another compiler?
– Joe DJun 7 '10 at 18:26

3

@Joe D if its a cross platform project like Windows/OSX/Linux, probably a bit, and also there's different arch such as x86 vs x86_64 and etc...
– PharaunNov 11 '10 at 17:13

@JoeD Unless you're in a very narrowminded project that's happy to marry one compiler vendor, very. You might want to avoid actually having to switch compilers, but you do want to keep that option open. With embedded systems, you don't always get a choice, though. AHS, ASS.
– XTLFeb 17 '12 at 7:34

I was quite surprised not seeing it allready in the answers, as all compilers I know of support it, but many programmers seems to ignore it. Sometimes it's really handy and not only when writing macros.

Use case I have in my current code:
I have a #define PATH "/some/path/" in a configuration file (really it is setted by the makefile). Now I want to build the full path including filenames to open ressources. It just goes to:

This is also important in a multi-developer environment where, for instance, Eric adds in "baz," and then George adds in "boom,". If Eric decides to pull his code out for the next project build, it still compiles with George's change. Very important for multi-branch source code control and overlapping development schedules.
– Harold BamfordJun 30 '09 at 21:50

Of course, there are performance implications to passing round large structs in this way; it's often useful (and is indeed something a lot of people don't realise you can do) but you need to consider whether passing pointers is better.
– Mark BakerOct 17 '08 at 8:47

1

Of course, there might be. Ít's also quite possible for the compiler to detect the usage and optimize it.
– unwindOct 17 '08 at 8:57

Be careful if any of the elements are pointers, as you'll be copying the pointers themselves, not their contents. Of course, the same is true if you use memcpy().
– Adam LissOct 26 '08 at 0:27

The compiler can't optimize this converting by-value passing with by-referenece, unless it can do global optimizations.
– BlaisorbladeJan 19 '09 at 0:20

It's probably worth noting that in C++ the standard specifically allows optimizing away the copy (the standard has to allow for it for compilers to implement it because it means the copy constructor which may have side effects may not be called), and since most C++ compilers are also C compilers, there's a good chance your compiler does do this optimization.
– Joseph GarvinFeb 21 '10 at 17:05

C compilers implement one of several standards. However, having a standard does not mean that all aspects of the language are defined. Duff's device, for example, is a favorite 'hidden' feature that has become so popular that modern compilers have special purpose recognition code to ensure that optimization techniques do not clobber the desired effect of this often used pattern.

In general hidden features or language tricks are discouraged as you are running on the razor edge of whichever C standard(s) your compiler uses. Many such tricks do not work from one compiler to another, and often these kinds of features will fail from one version of a compiler suite by a given manufacturer to another version.

Various tricks that have broken C code include:

Relying on how the compiler lays out structs in memory.

Assumptions on endianness of integers/floats.

Assumptions on function ABIs.

Assumptions on the direction that stack frames grow.

Assumptions about order of execution within statements.

Assumptions about order of execution of statements in function arguments.

Assumptions on the bit size or precision of short, int, long, float and double types.

Other problems and issues that arise whenever programmers make assumptions about execution models that are all specified in most C standards as 'compiler dependent' behavior.

To solve most of those, make those assumptions dependant on the characteristics of your platform, and describe each platform in his own header. Order execution is an exception - never rely on that; on the other ideas, each platform needs having a reliable decision.
– BlaisorbladeJan 19 '09 at 0:17

2

@Blaisorblade, Even better, use compile-time assertions to document your assumptions in a way that will make the compile fail on a platform where they are violated.
– RBerteigAug 1 '10 at 0:06

I think one should combine both, so that your code works on multiple platforms (that was the original intention), and if the feature macros are set the wrong way, compile-time assertions will catch it. I'm not sure if, say, assumption on function ABIs are checkable as compile-time assertions, but it should be possible for most of the other (valid) ones (except order of execution ;-)).
– BlaisorbladeAug 2 '10 at 13:01

Function ABI checks should be handled by a test suite.
– dolmenMar 28 '11 at 21:30

I don't think it's portable. It will work on x86, but what about other platforms?
– Cristian CiupituSep 25 '08 at 19:25

1

I have no idea - You should post a question about it
– Dror HelperDec 8 '08 at 16:48

1

@ Dror Helper No, this type of thing should be "you should try it yourself"...
– Ape-inagoMar 4 '09 at 15:53

2

It's a good technique and it is X86 specific (although there are probably similar techniques on other platforms). However, this is not a feature of C. It depends on non-standard C extensions or library calls.
– FerruccioJun 22 '09 at 12:28

1

In GCC there is __builtin_trap and for MSVC __debugbreak which will work on any supported architecture.
– Axel GneitingJun 7 '10 at 19:05

My favorite "hidden" feature of C, is the usage of %n in printf to write back to the stack. Normally printf pops the parameter values from the stack based on the format string, but %n can write them back.

Check out section 3.4.2 here. Can lead to a lot of nasty vulnerabilities.

the link is not working anymore, in fact the site itself seems is not working. Can you provide another link?
– thequarkJan 7 '11 at 4:39

@thequark: Any article on "format string vulnerabilities" will have some info in it.. (e.g. crypto.stanford.edu/cs155/papers/formatstring-1.2.pdf) .. However due to the nature of the field, the security websites themselves are a bit flaky and real academic articles are hard to come by (with implementation).
– Sridhar IyerJan 7 '11 at 7:08

+1 Neat. I used to use the CompilerAssert macro from Microsoft, but yours is not bad either. (#define CompilerAssert(exp) extern char _CompilerAssert[(exp)?1:-1])
– Patrick SchlüterNov 27 '10 at 12:52

1

I like the enumeration method. The approach I'd used before took advantage of dead code elimination: "if (something_bad) {void BLORG_IS_WOOZLED(void); BLORG_IS_WOOZLED();}" which didn't error until link time, though it did offer the advantage of letting the programmer know via error message that the blorg was woozled.
– supercatAug 25 '11 at 21:28

You end up with a buffer on the stack with room for the fixed-size protocol header plus variable size data. You can get the same effect with alloca(), but this syntax is more compact.

You have to make sure extraPadding is a reasonable value before calling this routine, or you end up blowing the stack. You'd have to sanity check the arguments before calling malloc or any other memory allocation technique, so this isn't really unusual.